Southern New Hampshire University, CYB 250 (Information Systems), Dec 6, 2023. Uploaded by DrTree1894 (docx, 7 pages).
CYB 250 Stepping Stone One Template
Howard Threat Model

| Incident | Target Breach | Sony Breach | OPM Breach |
|---|---|---|---|
| Attackers | Cybercriminals / a Russian national named Roman Valerevich Seleznev ("Track2") | Guardians of Peace, backed by a nation state (the U.S. Government blames North Korea) | "APT 19" or "Deep Panda," and the Chinese Government |
| Tools | Malware: BlackPOS/Kaptoxa | Malware: WIPER | Malware: remote access tool "Sakula" |
| Vulnerability | Citadel Trojan / stolen credentials from a third-party HVAC contractor | Vulnerability wasn't officially reported, but seems to be some sort of 0-day exploit that the hackers took advantage of | Unpatched software, lack of segmentation |
| Action | Probe, Scan, Bypass, Read, Copy, Steal | Probe, Scan, Bypass, Read, Copy, Steal | Probe, Scan, Bypass, Read, Steal, Authenticate |
| Target | Credit card information / account data | Employee data, unreleased films, email, and other documents | PII, background investigation data, security clearance data, fingerprints |
| Unauthorized Result | Disclosure of PII, stolen financial information / credit cards | Disclosure of PII, theft of data | Data theft |
| Objective | Financial gain | Financial gain, damage, threat of future harm | Uncertain, but given it was a government department that was hacked, it was likely to have been espionage by the Chinese government |
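As an added example (not part of the template or the student's work), the three table rows encoded against the closed vocabularies of Howard and Longstaff's common-language taxonomy, which the template's row labels follow; mapping the free-text "Unauthorized Result" cells onto the taxonomy's result categories is my assumption.

```python
"""Three rows of the Howard threat-model table, checked against the taxonomy."""
from dataclasses import dataclass

# Closed vocabularies from Howard and Longstaff's common-language taxonomy
# (the model the template's row labels follow).
ACTIONS = {"probe", "scan", "flood", "authenticate", "bypass", "spoof",
           "read", "copy", "steal", "modify", "delete"}
RESULTS = {"increased access", "disclosure of information",
           "corruption of information", "denial of service",
           "theft of resources"}


@dataclass(frozen=True)
class HowardRecord:
    incident: str
    actions: frozenset
    results: frozenset


def howard_record(incident, actions, results):
    """Normalise free text and reject any term outside the taxonomy."""
    acts = frozenset(a.strip().lower() for a in actions)
    res = frozenset(r.strip().lower() for r in results)
    unknown = (acts - ACTIONS) | (res - RESULTS)
    if unknown:
        raise ValueError(f"{incident}: not in Howard taxonomy: {sorted(unknown)}")
    return HowardRecord(incident, acts, res)


def shared_actions(records):
    """Actions every incident exhibited: the attack path they have in common."""
    return frozenset.intersection(*(r.actions for r in records))


def distinct_actions(records):
    """incident -> actions that no other incident in the set used."""
    out = {}
    for rec in records:
        others = set().union(*(o.actions for o in records if o is not rec))
        out[rec.incident] = rec.actions - others
    return out


# The three table rows. Mapping the free-text "Unauthorized Result" cells onto
# the taxonomy's result categories is my assumption, not the template's.
INCIDENTS = [
    howard_record("Target", ["Probe", "Scan", "Bypass", "Read", "Copy", "Steal"],
                  ["Disclosure of information", "Theft of resources"]),
    howard_record("Sony", ["Probe", "Scan", "Bypass", "Read", "Copy", "Steal"],
                  ["Disclosure of information", "Theft of resources"]),
    howard_record("OPM", ["Probe", "Scan", "Bypass", "Read", "Steal", "Authenticate"],
                  ["Theft of resources"]),
]
```

Running `shared_actions(INCIDENTS)` shows the five actions common to all three breaches, and `distinct_actions` isolates "authenticate" as the step only the OPM row records.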
In the Sony hack of 2014, all three components of the CIA triad were impacted to some extent, but Confidentiality is the most applicable aspect. Hackers gained unauthorized access to Sony's internal network, resulting in the leakage of highly sensitive data, including employee personal information, confidential business documents, and unreleased films. The confidential nature of this data was compromised, and it was exposed to the public, causing significant harm to Sony. The attack was mainly about exposing confidential information to threaten and embarrass Sony. The hackers didn't seem to have an objective of compromising the integrity of said data or necessarily preventing access. These may still have been side effects of the hack, but they were not the original design.
By adopting an adversarial mindset, an organization can better understand the capabilities, motivations, and tactics of potential attackers. Assuming an adversarial mindset might involve considering various threat actors, their objectives, and their potential methods of attack. In the case of Sony, they knew ahead of time that hackers were threatening them, and that North Korea had made threats surrounding the release of the movie "The Interview". With that in mind, Sony could assume that the intention of an attack would be to further threaten the company. They could then look at what data they hold that would be of the most use to a hacker trying to extort and embarrass them. With an adversarial mindset, the organization can proactively anticipate possible attack scenarios and vulnerabilities that attackers might exploit. In the case of Sony, they could have put extra scrutiny on the most sensitive information, such as their intellectual property and employee records. Extra protections in the form of encryption or multi-factor authentication when accessing this sensitive data could have limited the damage done.
If the organization had proactively used threat modeling before the Sony hack, several changes could have been made to avoid or mitigate the incident:

- Improved Access Controls: The organization could have implemented stricter access controls and multi-factor authentication to prevent unauthorized access to sensitive systems and data.
- Regular Security Audits: Regular security audits and vulnerability assessments could have been conducted to identify and remediate weaknesses in the network infrastructure and applications.
- Employee Training: Security awareness training for employees could have been enhanced to recognize and report phishing attempts and other social engineering tactics.
- Incident Response Plan: Developing a robust incident response plan could have enabled a faster and more coordinated response to the breach, potentially limiting the damage.
- Data Encryption: Sensitive data could have been encrypted to protect it even if attackers managed to access the network.
Defending the Need for Performing Threat Modeling:

1. Risk Mitigation: Threat modeling identifies potential security risks and vulnerabilities before they can be exploited by attackers. By addressing these issues proactively, an organization can reduce the likelihood of security incidents and their associated costs.
2. Cost-Efficiency: Investing time and resources in threat modeling is often more cost-effective than dealing with the consequences of a security breach, including financial losses, reputation damage, and legal liabilities.
3. Compliance: Many regulatory frameworks and industry standards require organizations to perform risk assessments and take proactive steps to protect sensitive data. Threat modeling helps meet these compliance requirements.

Importance for Security Practitioners:

- Effective Risk Management: Threat modeling allows security practitioners to prioritize security efforts by focusing on the most critical and likely threats. It helps them make informed decisions about security controls and resource allocation.
- Collaboration: Threat modeling often involves cross-functional collaboration between security teams, developers, testers, and other stakeholders. This collaboration improves communication and ensures that security considerations are integrated into the development process.
- Reduced Attack Surface: Security practitioners can use threat modeling to identify and minimize the attack surface, reducing the number of potential vulnerabilities that attackers can exploit.

Organizational Advantages:

- Streamlined Development: Beyond security controls, threat modeling can lead to more efficient and streamlined development processes. It encourages the identification and resolution of potential issues early in development.
- Cost Savings: By addressing security issues early and preventing security incidents, organizations can save significant costs associated with breach remediation, legal actions, and reputation management.
- Competitive Advantage: Demonstrating a strong commitment to security through proactive threat modeling can be a competitive advantage, instilling trust in customers and partners.

Differences in Threat Modeling by Roles in IT:

- Testers: Testers focus on identifying vulnerabilities in software and systems. They may perform activities like penetration testing to assess how an attacker could exploit vulnerabilities.
- Designers: Designers analyze potential threats at the architectural level. They consider the system's overall structure and design security controls to mitigate threats effectively.
- Developers: Developers play a role in tracking data flow and ensuring secure coding practices. They implement security features and address vulnerabilities identified during development.

Each role has a unique perspective on threat modeling, but all are essential for a comprehensive approach to security. Collaboration between these roles is crucial to effectively address security concerns throughout the development lifecycle.